CrowdStrike Falcon Cloud Security

I have been using CrowdStrike Falcon Cloud Security  for more than a year, approximately one and a half to two years.

My main use case for CrowdStrike Falcon Cloud Security  is in our environment where we run workloads across multiple AWS  accounts. Our organization is already using native tools from AWS  such as GuardDuty, Inspector , and Security Hub. However, management decided they wanted deeper protection and better monitoring across all accounts. They wanted a centralized solution that would provide an additional layer of security. Although we already have in-house tools, we wanted an overlaying layer for faster threat detection and visibility in one central place. CrowdStrike Falcon Cloud Security helped us bridge this gap and extend our security across all other accounts. It has provided us a good layer of protection across all workloads including EC2 , EKS, ECS, and several parts of our Linux servers.

To compare CrowdStrike Falcon Cloud Security to the native AWS tools I mentioned, such as GuardDuty and Inspector , we needed deep visibility and real-time threat protection. Along with the native AWS tools, we wanted an extra overlaying layer of security to our cloud environment to strengthen our environment security. We chose CrowdStrike Falcon Cloud Security to provide faster threat detection. This is why our organization decided to go with this solution.

I have seen a return on investment by preventing potential incidents and reducing threats, anomalies, or misconfigurations.CrowdStrike Falcon Cloud Security has nearly saved us some amount, though I am not exactly sure of the numbers since the Finops team handles the financial side. What we have gained from CrowdStrike Falcon Cloud Security is that EC2  downtime has been prevented and time has been saved considerably, around eight to ten hours per week through automatic onboarding and centralized visibility. We no longer need to switch between ten plus AWS accounts or perform manual scanning. We can now bring all our accounts together in one tool or solution. Our security has been significantly increased and it is pretty stable in our environment. This is one thing that CrowdStrike Falcon Cloud Security literally gave us with a positive impact and makes it a good investment.

To provide more detail about my main use case and how I use CrowdStrike Falcon Cloud Security day-to-day, I can share a specific example where it helped me respond to a threat. Recently, we had production EC2 instances across multiple AWS accounts, and CrowdStrike Falcon  sensor was deployed automatically using the SSM Manager. We saw an alert where CrowdStrike detected anomalous behavior originating from some rogue IP address. This appeared to be potentially a DDoS attack in our cloud environment, which is fairly common when hackers try to get inside your network and gather organizational data. CrowdStrike performed very well here, detecting the alert and helping us identify that someone was trying to gain access. This really helped us have a broader view, and we acted accordingly in response to it. In any fault and threat detection, CrowdStrike Falcon  plays a crucial role in our environment and gives us a clear point where we can focus our efforts rather than hunting down what is happening.

The best features CrowdStrike Falcon Cloud Security offers include their runtime security, particularly CrowdStrike CWPP . Their runtime security monitors processes at the kernel level and blocks any malicious behavior in real time. This is really good from Falcon  as it protects workloads such as EC2 containers and Linux and Windows workloads at the OS level and kernel level. It detects any kind of credential theft or any movement within these workloads. Additionally, we see it elevates container security in terms of EKS, ECS, and ECR. It scans every image in our ECR and provides real-time vulnerability detection and protection for our container workloads.

Their threat intelligence is really good, and that is one part we really appreciate about Falcon  threat intelligence.

Regarding how CrowdStrike Falcon Cloud Security can be improved, I would say they can improve their support. There were a couple of cases where we needed to escalate issues in order to get proper support. That part could use some tweaking on their end. Additionally, the recent incident during the last summer literally impacted our systems. We had some of our workloads that affected the business, and it was a difficult experience. Apart from that, it is a good tool and the experience with CrowdStrike Falcon Cloud Security has been excellent. We did not find any kind of issues, but if they could improve their response to security-related incidents and provide on-time support or better understand our concerns and address them accordingly, it could be very helpful.

Regarding needed improvements, I think they should enhance automatic alerting with CI/CD scanning and reporting capabilities. Additionally, it would be better to implement Falcon sensor health monitoring so agents are always active. We could know how it is behaving and how it is treating our environment. That could be a little helpful.

The customer support is pretty good, but it can be improved a little bit. I would rate the customer support on a scale of one to ten as a six. They have many improvements that need to be made.

Before choosing CrowdStrike Falcon Cloud Security, we also looked at Wiz , which is another cloud security platform. We evaluated Wiz  before moving to CrowdStrike Falcon Cloud Security.

Regarding my experience with pricing, setup cost, and licensing, the sales team deals directly with this kind of pricing. In terms of licensing, it is a little expensive. CrowdStrike Falcon Cloud Security is on the higher side of the price part.

The advice I would give to others looking into using CrowdStrike Falcon Cloud Security is that if they already have any in-house cloud tools and want to enhance their security in their cloud environment, CrowdStrike Falcon Cloud Security can bring a positive impact. It is a really value-for-money tool. Otherwise, we did not see any issues. It runs lightweight and it gives accurate alerts, so there are no more false alarms. It is a good product to enhance your cloud and strengthen your security. I would rate this product an eight out of ten.

I usually work with CrowdStrike Falcon Cloud Security . I work with all the modules, IDP , and the Falcon  EDR. My experience with them has been great. I requested information because a customer was about to switch from CrowdStrike IDP  to Microsoft ITDR , so I needed to understand the differences and what makes ITDR  special. I work as customer support for the majority of banks in Nigeria, supporting their CrowdStrike Falcon Cloud Security  implementation. I needed to understand what was making some of them switch from CrowdStrike to ITDR, and the basic reason was cost. In terms of technicality, CrowdStrike Falcon Cloud Security was obviously better, but it was a bit expensive for them.

The typical use case for cloud security varies. Sometimes, rather than using Rapid7 exposure management, some customers use CrowdStrike Falcon Cloud Security to monitor their assets on the cloud, providing insights into vulnerabilities on machines, exposed assets, and misconfigurations.

Compared to before, in respect to breaches and downtime, they have seen significant differences.

Customers love the UI of CrowdStrike Falcon Cloud Security. They appreciate everything about the dashboard and dashlet. The majority of customers particularly love how seamless the integration is - just copy and paste in your AWS  terminal and you're good to go.

The threat detection capability of CrowdStrike Falcon Cloud Security has always been the major seller, and it works effectively. Looking at the detection index for the last two years, CrowdStrike Falcon Cloud Security is consistently ranked number one. Then you have MD and Sentinel  alternating positions. In terms of threat detection, CrowdStrike Falcon Cloud Security has always been top-notch in how they explain the workflows.

In terms of improvement, CrowdStrike Falcon Cloud Security could expand into the remediation path. While there is the IT security module, looking at competitors such as Vicarious and SCCM, there is room for advanced capabilities. If CrowdStrike Falcon Cloud Security could implement pushing out remediation from the sensor installed on machines, that would be beneficial. This feature is likely in their pipeline, but implementing it faster would help them maintain their competitive edge.

I am a partner with CrowdStrike Falcon Cloud Security.

The initial setup and deployment of the solution is straightforward.

I have seen a return on investment with CrowdStrike Falcon Cloud Security.

CrowdStrike Falcon Cloud Security is relatively new, approximately a year or two old. I have experience working with both CrowdStrike Falcon Cloud Security and Microsoft Defender for Identity .

I work with CrowdStrike Falcon Cloud Security, Falcon LogScale , Observability , and Sandbox. Different teams manage different parts of CrowdStrike's workload protection features.

I rate CrowdStrike Falcon Cloud Security 9 out of 10 overall.